InfoSec Handlers Diary Blog

Reader Ben sent an email reminding me that I must have been living under a rock to miss the sudden uptick in Gumblar/JSRedir-R drive-bys.

Although this malware has been around for a while, several A/V vendors and some relatively mainstream news outlets have recently reported a large increase in websites injected with JSRedir-R/Gumblar. According to Sophos, this malware accounted for approximately 42% of all infected websites detected in the last week, nearly 6 times its closest rival.

Although the infection method is not clear, the variety of servers and platforms involved makes weak login credentials the most likely cause.